CISA Identifies Actively Exploited Vulnerability in Progress Kemp LoadMaster
November 19, 2024
The U.S. Cybersecurity & Infrastructure Security Agency (CISA) has included three new vulnerabilities in its Known Exploited Vulnerabilities (KEV) catalog. One of these is a severe OS command injection vulnerability affecting Progress Kemp LoadMaster, a product widely used by large organizations for application delivery control and load balancing.
This vulnerability, tracked as CVE-2024-1212, was first reported by Rhino Security Labs and was addressed in an update released on February 21, 2024. This is the first report of active exploitation of the flaw in the wild. It allows an unauthenticated, remote attacker to reach the system through the LoadMaster management interface and execute arbitrary system commands.
The critical vulnerability, with a CVSS v3.1 score of 10.0, impacts LoadMaster versions 7.2.48.1 before 7.2.48.10, 7.2.54.0 before 7.2.54.8, and 7.2.55.0 before 7.2.59.2. CISA has directed federal organizations using the product to apply the available updates and mitigations by December 9, 2024, or cease using it.
Currently, no details about the active exploitation activity have been published. The status of its exploitation in ransomware campaigns is marked as unknown. The other two flaws added to the KEV by CISA are CVE-2024-0012 and CVE-2024-9474, which are authentication bypass and OS command injection flaws respectively, impacting Palo Alto Networks PAN-OS Management Interface.
Progress Software recently addressed another maximum severity flaw in LoadMaster products that allows remote attackers to execute arbitrary commands on the device. This flaw, identified as CVE-2024-7591, is categorized as an improper input validation problem that allows an unauthenticated, remote attacker to access LoadMaster’s management interface using a specially crafted HTTP request.
CVE-2024-7591 impacts LoadMaster version 7.2.60.0 and all previous versions, as well as MT Hypervisor version 7.1.35.11 and all prior releases. System administrators are advised to upgrade to a release that addresses both maximum severity flaws in LoadMaster, even though active exploitation of CVE-2024-7591 has not been observed yet.
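As an added triage aid (not code from Progress or CISA), the script below maps a LoadMaster or MT Hypervisor build number to the two CVEs using only the version ranges stated above; the product keys `loadmaster` and `mt_hypervisor` and the sample inventory are assumptions for the demo.

```python
"""Map a Progress Kemp LoadMaster / MT Hypervisor version to CVE-2024-1212
and CVE-2024-7591 using the affected ranges stated in the article."""
from typing import Dict, List, Tuple

Version = Tuple[int, ...]

def parse_version(s: str) -> Version:
    """'7.2.48.1' -> (7, 2, 48, 1); rejects anything that is not dotted digits."""
    parts = s.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {s!r}")
    return tuple(int(p) for p in parts)

# CVE-2024-1212: half-open ranges [first affected, first fixed) per the article.
CVE_2024_1212_RANGES = [
    ("7.2.48.1", "7.2.48.10"),
    ("7.2.54.0", "7.2.54.8"),
    ("7.2.55.0", "7.2.59.2"),
]

# CVE-2024-7591: the listed version and everything before it (inclusive).
CVE_2024_7591_MAX: Dict[str, str] = {
    "loadmaster": "7.2.60.0",     # product keys are assumed labels
    "mt_hypervisor": "7.1.35.11",
}

def affected_cves(version: str, product: str = "loadmaster") -> List[str]:
    """Return the CVEs from the article whose stated ranges include `version`."""
    v = parse_version(version)
    hits: List[str] = []
    if product == "loadmaster":  # CVE-2024-1212 ranges are LoadMaster builds
        for first, fixed in CVE_2024_1212_RANGES:
            if parse_version(first) <= v < parse_version(fixed):
                hits.append("CVE-2024-1212")
                break
    if v <= parse_version(CVE_2024_7591_MAX[product]):
        hits.append("CVE-2024-7591")
    return hits

if __name__ == "__main__":
    # Constructed inventory, not real hosts.
    inventory = [("lb-edge-01", "loadmaster", "7.2.48.5"),
                 ("lb-core-02", "loadmaster", "7.2.59.2"),
                 ("lb-lab-03", "loadmaster", "7.2.60.1"),
                 ("hv-mt-01", "mt_hypervisor", "7.1.35.11")]
    for host, product, ver in inventory:
        print(f"{host:12} {ver:10} {affected_cves(ver, product) or 'not affected'}")
```

A build outside every stated range reports an empty list, which only means it is outside the article's ranges, not that it is patched for anything else.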